hxxps://www[.]mediafire[.]com/file/21zhnouvlb2iv4d/Solara[.]zip/file

Analysis

max time kernel
108s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/21zhnouvlb2iv4d/Solara.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
4980	msedge.exe
4980	msedge.exe
5616	identity_helper.exe
5616	identity_helper.exe
5332	msedge.exe
5332	msedge.exe
232	Solara.exe
232	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 1856	4980	msedge.exe	82
PID 4980 wrote to memory of 1856	4980	msedge.exe	82
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1156	4980	msedge.exe	83
PID 4980 wrote to memory of 1920	4980	msedge.exe	84
PID 4980 wrote to memory of 1920	4980	msedge.exe	84
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85
PID 4980 wrote to memory of 3500	4980	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/21zhnouvlb2iv4d/Solara.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb633a46f8,0x7ffb633a4708,0x7ffb633a4718
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7856 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,18091827849862030722,6509136117306803007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5624

C:\Users\Admin\Desktop\Solara\Solara\Solara.exe
"C:\Users\Admin\Desktop\Solara\Solara\Solara.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8ea97ea9626a5fd10a97f474e6bc7a58

SHA1
be9a4ce3164013b48611481dae20d8f48ff9a974

SHA256
81ab17d6043d7233973b360a0bae231dfd56c6be199f89f3bb29a832532f544a

SHA512
df20057cf3753ab227384e582b92a29476609f08f38af699f47bca0133ed4a8460c13bc7e362b2fa7b05133f84f77259968a9281c467c49018756be2e9e9a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
438d734bccd524780426f7099c879ebb

SHA1
4665f7aff3adea4482b4c89794cbf2c6515af7b7

SHA256
f8b22b71ba25ff1575273996fff257688c9a64dde3465d3c2e06db7ee9ad9ed4

SHA512
fa884ff15aa7633b5237077e95411756461e7baa362d083ba32044cdeefc18682b60fa505e48b83b99006349df2915a42de3c35d4f54797f1069ae6e7d1cebcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a202a064c9c4c17d453776af7e8d6aa6

SHA1
fd55f158798077d4ccdf5eef6d04fbf345269319

SHA256
3e3310d0ac125d198335d33470d54beb18226470f7cda878df3ab9465f424505

SHA512
1ab39b1d26f22705d1cdde9240915f3736756b25192a50c88d0e092a9e70e944e0c5986d2b45d0bf6500e0a3cfcee227c25f2bddb9b0dd9fda44b79e5340e6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
93737c873fdbf7c2de38e14f49809b2e

SHA1
5ed053a2cf0f9a7178ab98164b7d45d88071a163

SHA256
1c4f57db3bc14c87373bb262f18a944b645ea9ae8d8a97af9b2138ac5fc0f7bc

SHA512
58b6d54399a5bac2b0c6c304929abf3945fd5a203d3750f7d179283dfd3e8eb77cf211a24dcc86c3bc48d5162771e62c01b1b83351007e9c2bd6eceeebaf0217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
304a28f596b0cb837f8e5614bd59fed0

SHA1
17a1cafc9f6885bebfadac4ecacd59b5db0519cd

SHA256
4791c3b131cb3682a5e2663e717f8da3a462e72a6eeac6d2ffd71c79ca687fd6

SHA512
a89f84315d01a1ab43c2176960037903a47145e1959ee1b7c1e4dda427fc69e4746a279698f82ec3430d8dc4b178c25f25ebb539acb176b497ad3b607247b847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
481cd648f7ffc0c669d4d5b47c518562

SHA1
16ad7ab66cfb028883ea248179dede4b5c1e2395

SHA256
3587f7fd08300c760781d36eafaf76d5397aec4d6cc14ed40dcf29bca83c7c88

SHA512
8cf15d9497a8074d1a2c7e86e33938acfd7e420815cd60475716aef3a3b6351a1c386e252c41874bb01904422ff5bd9b6f6dc7f36488541a725203bc919ccef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
96c9eddbb225011e270bdb95a59d0d73

SHA1
6b1108f65585ecf924849360dc40eb13c21d7e05

SHA256
bdac96e29eba18ef827c776a0a38128f52d211a12afe575cbc4b18b99eb824a4

SHA512
a2f3ef2f5880b876afe536f2fe50cbcdaba3fd7218f541e5ac72b05f5d4065c65c3b4aac502d1c5fac43ff915bdaea0c7c00a13dd2c62d546f739e3244bbbebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57807a.TMP

Filesize
2KB

MD5
43cabc12b94852c2ae1d3818e89ae4db

SHA1
341589fbf4187df8bbddd68a7dce68d8dbabf7b0

SHA256
58485b15c09d12e3fe03856804da5c9aaca25cc5bbc0b4163b4875cf96ab854d

SHA512
de405dff77ae8debd894bf3624eb726a6cd33071e9009987215656eca5a3a4f42f99316882e448b8f867cedbf8ac9bf7251e5c12621b3e2d69e139996e58b7ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
485e3513d7687ea0544ed92fc31ad04e

SHA1
4462d0b808a603b97e022ea77d834d6ca8cd0079

SHA256
29af4df43d0d87f01b64091b2155febf11cfa035211f012a934896acf7191b06

SHA512
15b04ae1c0c0a3287706a7d89ac4351d04cd2d10b4160d26433dbdfe262ff99baae6fee3513864a08a09e484ae43b938edeb6196d5953d91ab95fd423547b641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
257af69d5b21422c41ba48b6201ec46b

SHA1
9bdb70fa6df1dd3b1d3a6fe0c26f3bcf17d25b92

SHA256
e5fe15c72eb135699a763933e82a5a9a2e34069449773cc514a9170c5c18dfb7

SHA512
cf5cf6ea46fb84acf5096cd7fa85c96a0419cc9f28b55c41dc456f2221a020421055336b7f65da55c8c6091894f6f9a842ae0bbd298b327787390a96379bf917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70f57a4d1b7ab0c64d424d4a9d365ef5

SHA1
116e220c523f6d8784c4e047fe55509ab8eb98ae

SHA256
9c8f6d2c6cb3ff1f3256ce1623f1b89605576bdf0c260e50e6afeda348a4dd44

SHA512
130ef6f3c9353d5935769964cedfa4d077b061b1409ed363f3b7b20950852a25e7d109bcb29d6302d6b6f7db3e55df228b4a3e38bcf2cb927b8ef72cae247646

Download Submit
memory/232-480-0x0000016C59F40000-0x0000016C59F52000-memory.dmp

Filesize
72KB

Download
memory/232-481-0x0000016C74AD0000-0x0000016C7500C000-memory.dmp

Filesize
5.2MB

Download
memory/232-482-0x0000016C74740000-0x0000016C747FA000-memory.dmp

Filesize
744KB

Download
memory/232-483-0x0000016C5A360000-0x0000016C5A36E000-memory.dmp

Filesize
56KB

Download
memory/232-484-0x0000016C74680000-0x0000016C746FE000-memory.dmp

Filesize
504KB

Download
memory/232-485-0x0000016C74710000-0x0000016C74718000-memory.dmp

Filesize
32KB

Download
memory/232-486-0x0000016C79300000-0x0000016C79338000-memory.dmp

Filesize
224KB

Download
memory/232-487-0x0000016C74AB0000-0x0000016C74ABE000-memory.dmp

Filesize
56KB

Download
memory/232-488-0x0000016C79990000-0x0000016C79A42000-memory.dmp

Filesize
712KB

Download